Getting started

This section describes the practical steps to get up and running in the SpareBank 1 sandbox environment.

All of the API's within the portal will respond with data from a closed sandbox environment. We strive to keep the APIs deployed in the sandbox the same as in .production, but minor discrepancies might occur.

Swagger 2.0 definitions can be downloaded for all API's in the developer portal. The SpareBank1 API's uses the OAuth 2.0 protocol to authorize API's in production but this protocol is simplified and mocked in the sandbox. In addition a dummy bank and customer is automatically assigned when generating your Oauth token in the sandbox environment.

A request token is required to send requests to the API's. To generate the token you will first need OAuth credentials for your application.

Click on your newly created application.

Click the "Edit application" button.

Click the "Authentication" tab.

Expand "OAuth Credentials" and click the "Generate" button. A window called "Generate OAuth Client Credentials" will pop up. For basic testing of the API's within the developer portal just press "Generate Client". An OAuth Client ID is generated and you are ready for testing the API's.

Choose the OAuth client from the application you created (see drop-down list).

Click "Request token" and then click "Authorize". This will pass your application's OAuth credentials, along with the end-user's authentication code, to SpareBank1 to issue a bearer token. A bearer token enables you to complete actions on behalf of, and with the approval of, the end-user. The end-user is, as already explained, mocked and static in the sandbox.

Click the URI you want to test and fill in the parameters needed (if any).

To issue an OAuth Token do a request to https://developer-api.sparebank1.no/oauth/token, see example below. The client id and client secret can be found under OAuth Credentials in your registered application in the developer portal.

Production

To get your application registered for production use you need to be a strategic partner of one of the banks in the SpareBank 1 alliance. When the formal process is in place you will be issued with your applications credentials for production: an appkey, a client id and client secret.

Pass your application's credentials, along with the end-user's authentication code, to SpareBank 1 to be issued a bearer token. A bearer token enables you to complete actions on behalf of, and with the approval of, the end-user.

Submit a POST request with a x-www-form-urlencoded body to https://api.sparebank1.no/oauth/token.